ATM Security Working Group Best Practice for Physical ATM Security ATMSWG supported by prepared for the ATM Security Working Group by Alan Weight, HSBC September 2009
21.00 Generic ConsiderationsThe minimum physical security recommendations in this chapter refer to the ATM itself, its host premisesand the general movement of cash within the premises. The security of cash replenishment by Cash-in-Transit providers will not form part of the guidelines in this best practice manual for ATM physical security.The security guidelines listed are recommended as crime reduction "good practice". They are designed toprovide minimum security guidelines. Additional security measures and practices may well be required andwill depend on existing local premises security and the assessed risk carried out prior to site selection andinstallation. These guidelines are intended to complement the advice of local police and government,insurers and security advisers, as well as the manufacturer’s guidelines.The crime reduction advice in this document is given free without the intention of creating a contract. Theauthors of these security guidelines do NOT take any legal responsibility for the security advice contained inthe best practice manual.2.00 The ThreatsThese guidelines focus on the key issues, being: 2.01 Ram Raid A ram raid is an attempt to remove an ATM, and its contents, from its location, usually after battering through to the ATM with a motor vehicle. A ram raid involves an attempt to rip the ATM out of its position and remove it from its premises with the intention of breaking into the machine later to steal its cash. Ram raids often take place in the early hours of the morning in areas where police response times might be slower than normal. This type of incident invariably causes considerable damage to the premises and, often, to its contents. 2.02 ATM Burglary An ATM burglary is when an ATM is broken into to steal its cash. The attack takes place on site and may be a traditional “safe breaking” method or perhaps as violent as explosive attack using gas or accelerants. 2.03 ATM Replenishment Attack Where directly employed staff, merchant or CIT courier are attacked by criminals in the process of replenishing or dealing with cassettes within the machine. Attacks usually take place when the ATM safe is open to receive / remove cassettes, or when staff are transporting moneys through unsecured areas. These attacks usually place personnel under considerable duress or physical threat.3.00 Types of ATM DeploymentTypical examples of ATM deployments include: 3.01 Purpose Built Standalone Site (Kiosk) - Typically sited in motorway services, shopping malls, retail parks, etc. They may be a proprietary security pod which is secured to a prepared concrete base and then given exterior finishes e.g. cladding or alternatively a purpose built structure, typically constructed of masonry or metal. All cash servicing will take place within the unit. 3.02 Dedicated ATM Room (Within a Larger Building) - A room which is constructed as a secure area to house ATM’s where the cash carrier or site operator can securely replenish the ATM’s. The ATM’s are normally installed through a wall onto a public area (which may be within the building or out to a public thoroughfare). The access point to the room may be in a public area or via a secure area. Typical sites include shopping malls and bank branches. 3.03 Adapted ATM Room (Within a Larger Building) - A room which is suitably altered to provide the same facilities as above. Typical sites include petrol stations, shopping malls, bank branches etc. 3.04 ATM Lobby - Typically separated from a main banking hall which operates extended hours. 3.05 ATM Sited Through Glazed Shop Front - ATM’s are usually sited on the external fascia of a building giving public access to the ATM. All cash servicing takes place at the rear of the machine, although this may not always be within a secure service area. Typical sites include bank branches or financial institutions.
3 3.06 ATM Sited Through a Masonry Shop Front - As for ATM’s sited through glazed shop fronts, but may also include a metal construction rather than masonry. 3.07 ATM Sited Within Unoccupied Premises - These are typically bank or building society premises which are closed pending disposal or refurbishments. ATM’s likely to be through glazing or masonry. 3.08 ATM Freestanding (Within the Public Area of a Premises) - These are typically situated in supermarkets, bank branches etc. The cash servicing of the machine should only take place during times when the public has been excluded from the premises. 3.09 ATM Freestanding (With a Servicing Shroud) - The servicing of the machine may take place when the public are present at the host site. Particular attention should be given to the carriers walk distance and the risk posed to members of the public. Typical sites include retail malls or petrol stations.4.00 Risk AssessmentsSite selection and installation of ATMs should always be preceded by risk assessments. During initial sitevalidation, or at subsequent site risk assessment visits, an ATM should be classified by the deployer as Low,Medium or High risk.Risk assessment criteria can depend on organisational, insurance and law enforcement recommendationsand requirements. Industry advice may also be sought from industry approved consultants.It is not intended to give specific advice on the process of risk assessment in these guidelines, however, asa minimum. Such assessments should take account of:• The safety of all staff, ATM users, and the public• Crime history of area and site itself, aided by local police intelligence• General conditions of site, including lighting, proximity to other community services, visibility, etc• Proposed positioning of the ATM within premises of selected site• Existing / proposed security measures on site• Cash replenishment model – Own staff, merchant or CIT Fill?• The cash rating of the security container fitted to the ATM employed or to be employedIt is recommended that details of site risk assessments be recorded in defined reports and stored in anorganisational database.Risk assessments will be tailored to fit the requirements of each deploying organisation.Where CIT couriers or merchants are involved in the replenishment process, they may also wish toundertake their own risk assessment, which will need to be used in conjunction with the deployer’sassessment to ascertain the overall risk rating for the site.It is also recommended that each ATM deploying organisation conducts a detailed and thorough ATM riskanalysis for their own country, and geographical areas of operation, and that based on this, a detailed ATMsecurity strategy is prepared and up-dated on a regular basis, say every two years, or in response toemerging trends.5.00 Site PreparationContracts relating to ATM deployment should clearly define the party (or parties) responsible for thefollowing actions:• Preparation of the site (including specified physical protection against “ram raids”)• Provision, installation, testing and commissioning of all security equipment• Provision of a dedicated telephone line (if required).• The ATM Base preparation (as required)• The electrical preparation (as required), including the provision of clean power.
46.00 InstallationContracts relating ATM deployment should clearly define the party (or parties) responsible for the followingactions:• Installation, testing and commissioning of all security alarm equipment• Installation, testing and commissioning of the Lock (testing and commissioning only if he lock is pre- installed by the ATM Supplier)• Defining and ensuring compliance with all general Site Requirements• Provision of all plans/documentation relating to the construction of the building and ATM Anchoring7.00 Liaison with Police and Local AuthorityIt is strongly recommended that liaison take place with the local Police crime reduction department and theLocal Authority in advance of submitting a planning application in order to obtain any site-specific informationthat may be relevant to the installation of the ATM.8.00 InsuranceBefore installation of an ATM the premises / business owner is strongly advised to inform their Insurer sothat they can advise their minimum security requirements for the premises in view of the additional riskpresented.9.00 SafeThe security provided by the security container (safe) within the ATM should be to a level commensuratewith that required for the value of cash loaded in the ATM, or to a level that meets the deployer’sdocumented minimum standard. Reference should be made to the relevant EN 1143-1 or UL 291 ATMsecurity standards.Where lower quality safes are the only option available (due to the fact that some ATM manufacturers willonly offer their own preferred model of safe), then it may be appropriate to consider imposing a limit uponthe amount of cash that may be loaded into the machine at any given time to reduce exposure / potentialloss in the event of an attack against a lesser strength ATM safe. 9.01 Safe Type Recommended – High/Medium Risk Area For higher risk areas it is recommended that a minimum CEN 3 (or equivalent) safe be used. This can be lowered to a UL 291 Level 1 / CEN L safe used in conjunction with other, optional risk reduction measures where it is not possible to obtain such grade of safe from the ATM supplier. 9.02 Safe Type Recommended - Low Risk Area For areas defined as lower risk it is recommended that a UL291 Level 1 / CEN L safe be used, in conjunction with other, optional risk reduction measures as identified via the risk assessment process.10.00 ATM Lock Installation - Security ContractorFor installed ATMs where a Bank requires a Time Delay / Time Lock, the Bank’s security contractor shouldfit it in accordance with the manufacturer’s requirements. It should then be connected to an appropriatealarm system with monitoring via an ARC and a test made. For ATMs supplied with locks which haveexternal alarm monitoring capabilities, the lock should be connected to an appropriate ARC and a test made.If there is a requirement to monitor the status of a remotely monitored lock, it should be monitored from anappropriate ARC 24 hours daily. The ARC should automatically generate an alarm signal if the telephoneline fails or is cut. The ARC should be able to monitor the functionality required by the ATM deployer e.g.lock open/closed, time access windows.11.00 Alarm Equipment Installation - Security ContractorAll equipment should be correctly fitted in accordance with the manufacturers specifications. Once theequipment has been fitted a live test of each item mentioned above must be conducted and a check madethat the ARC picked up each signal.12.00 Intruder Alarm System - PremisesThe premises should be protected by an intruder alarm system with monitored remote signalling to an ARCto a security level commensurate with the risk level:• The system should qualify for the required local police response• If it is a "confirmable" alarm system, a dual signalling facility should be provided
5• The system should be designed to give the earliest possible warning of potential / actual attack on the ATM• Consideration should be given to including personal attack alarms in the system• A maintenance record should be kept for the alarm detection system and routine maintenance should be conducted. The minimum should be one planned maintenance visit each year (dependent upon the grade of system installed).Reference to the relevant BS/EN Performance Standards will be necessary.13.00 Intruder Alarm system – ATMIn addition to alarming the premises consideration should be given to alarming the ATM itself. This can beachieved by means of a stand-alone alarm system with its own unique reference number (URN), or may bea separate area of the premises alarm system. This will be jointly determined by the site host and deployer(who, in some circumstances, will be the same organisation):• The system should be monitored by remote signalling to an ARC and should qualify for an appropriate local police response.• If it is a “confirmable” alarm system a dual signalling facility should be provided. The design should ensure that the system is armed at all times other than for maintenance, for servicing and cash replenishment.• It should give the earliest possible warning of attack on the ATM• Consideration should be given to including personal attack alarms for the use of CIT crews / replenishment staff in the event of an attack during cash replenishment.• A maintenance record should be kept for the alarm detection system and routine maintenance should be conducted. The minimum should be one planned maintenance visit each year (dependent upon the grade of system installed).14.00 Alarm EquipmentThe following alarm equipment is recommended for installation at each ATM location: Seismic Detector / A seismic / stress detector should be fitted to the ATM safe body and safe door. Stress Detector Magnetic Contact A dual reed magnetic contact switch should be fitted to the door of the ATM Safe. A dual reed magnetic contact should also be fitted on the door of the ATM Secure Service Room (if provided). This should be on a different circuit to the alarms fitted to the ATM safe. Volumetric Detector A volumetric detector should be placed on the wall of the ATM Secure Service Room. This should be able to detect any movement in the area surrounding the ATM. This should be on a different circuit to the alarms fitted to the ATM safe. If the Bank Branch has a cellar, which is under its direct control, a volumetric detector should be fitted to cover the area underneath the ATM anchoring. Personal Attack Personal Attack Alarms should be fitted in the ATM Secure Service Room as close Alarms as possible to the ATM. This is to provide protection to staff servicing or replenishing the ATM. If ATM’s are in a public area, then consideration should be given to installing a radio based Personal Attack Alarm, such that staff can be issued with portable devices. Alarm Control An alarm control panel (combination) should be fitted in the immediate vicinity of the Panel(s) ATM where necessary. If access control is used to secure the room, then an additional panel does not need to be fitted at the room door. Access Control Where possible, access to the rear of the ATM should be restricted and a door swipe or keypad system should be used to control the ATM secure Service Room door. Heat Sensor A heat/smoke sensor should be fitted inside the ATM. This should detect any form of oxy-acetylene or burning bar attack on the ATM, and should be on the ATM security circuit.
615.00 Control & Monitoring 15.01 Alarm Receiving Centre (ARC) The alarm system should be monitored from an ARC 24 hours daily. The ARC, which should conform to ISO and local police standards, should automatically generate an alarm signal if the telephone line fails or is cut. In the event that an alarm signal is received, the ARC should respond according to its standard operating procedures. 15.02 Response In the event of an alarm the ARC should be able to request a response from a third party to visit the ATM within an agreed (ideally contractually binding) time period. 15.03 System/Line Failure In the event that the alarm detection system fails to operate for any reason, or there is a fault in the telephone line, the ATM should be cleared of all cash until such a time as the system is operational and has been tested.16.00 CCTVShould the site risk assessment require it, the premises may be protected by a CCTV system, with orwithout detection facility, viewing the ATM, but not viewing the ATM keypad. As a minimum, CCTV shouldbe digitally recorded and, where risk dictates, may be remotely monitored by a third party ARC.In the case of a street-based ATM, this should be located in an area where a public CCTV system operates.When an ATM is located in an area where a public CCTV system operates, the deployer or agent shouldliaise with the agency responsible for the CCTV system to include the ATM site in any preset automaticcamera settings or to request regular sweeps of the site. The CCTV system should not be able to view theATM keypad thereby preventing observation of PIN entry.17.00 Passive ComplianceIn the event of an attack during opening hours, staff should be advised to passively comply with the raiders’demands and must be trained accordingly.18.00 PIN ProtectionFor locations deemed to have a high risk of ATM fraud, it is recommended that a written siting policy besubmitted, subject to audit, confirming that the ATM is positioned to prevent oversight of the PIN pad fromany source (cardholders in the queue, passers-by, mirrors, etc).19.00 ATM LightingWhere a national standard for illumination of the keyboard and surrounds of an ATM does not exist, an ATMDeployer should set its own standard. 200-300 Lux is recommended for ATM keyboard illumination. 50 Luxis suggested as the minimum ambient illumination at floor level up to a distance of 1 metre from the face ofthe ATM and extending 75 cm either side of the mid-point of the ATM. This is also the minimum levelrecommended should a CCTV camera be fitted. 200 Lux ambient illumination at floor level should beconsidered in areas deemed to pose a higher risk to customers at night
720.00 AnchoringThere are a number of methods of anchoring. The appropriate method will be determined by the nature ofthe deployment and the perceived risk as identified through the risk assessment process. 20.01 Basic Anchoring The ATM should be securely fixed to the floor through its security container by a minimum of four resin anchor bolts (minimum 16mm diameter to a minimum depth of 150mm) into a substantial concrete base. Where a timber floor is involved the ATM should be bolted to a steel base plate by a minimum of four bolts, which is bolted through the floor joists by a minimum of four bolts. When anchoring, reference should be made to the manufacturer’s guidelines. 20.02 Base Composition During the Site Validation an assessment should be made of the base to ensure that it is of sufficient strength and depth to anchor the ATM. It is recommended that screed is not included in any measurements of base depth. 20.03 On Solid Ground - Use Existing Base If it is deemed possible to use the existing base, the existing concrete should be reinforced and of a minimum depth of 15cm to meet the requirements of the anchor bolt manufacturers. The ATM can then be anchored directly into it. 20.04 On Solid Ground - Plan for New Base If it is not possible to use the existing base without modification, then arrangements should be made to strengthen the base. A minimum depth of 15cm reinforced concrete should be retained with the existing base, in order to anchor the new base to it. 20.05 ATM Plinth - Plinth Type Required For the ATM to be properly anchored it should be able to sit on a plinth that will enable it to exactly reach the required height. When deciding on an ATM plinth, ATM deployers should assess its construction from a security perspective. Plinths specially constructed to withstand ‘ram raids’ and other brute force attacks may be considered for higher risk locations. 20.06 Anchoring ATM to Plinth For installers using CEN approved plinths, the anchoring arrangements should be those that are approved in the CEN documentation for that product. The correct implementation of those arrangements will guarantee good anchoring. 20.07 Anchoring Plinth to Base - No Cellar – Sufficient concrete This assumes that the ATM will be anchored into solid ground with sufficient concrete. Sufficient Concrete is reinforced concrete to a minimum depth required for the length of bolt used. For details of required depths it is recommended to consult the handbooks of the major anchor bolt manufacturers e.g. Hilti. 20.08 Anchoring Method - Installation Contractor The installation contractor should anchor the ATM in accordance with the relevant CEN (or other) standard relating to the grade of safe used. 20.09 Anchoring Certificate - Installation Contractor The Installation & Maintenance Contractor should complete a Certificate stating that the anchoring has been done in accordance with these requirements. All exact measurements relating to the anchoring should be recorded. A copy of this Certificate should be passed to the ATM deployer for audit purposes. 20.10 Anchoring Plinth to Base - No Cellar – Insufficient concrete This assumes that the ATM will be anchored into solid ground with insufficient concrete. Insufficient concrete is concrete that is not reinforced and does not meet the minimum requirements of the anchor bolt manufacturers. When this is the case a concrete base should be constructed and properly attached to the existing floor.
820.11 Base Preparation - Building ContractorWhen preparing a base the Building Contractor should follow the minimum requirements of heanchor bolt manufacturers. Guidelines for the preparation of a 30cm base are as follows:• The base should be constructed using as standard two U-sections (UPN 160 - 160mm x 65mm x7.5mm). Larger U-sections may be used depending on the required height of the base.• Minimum of 16 x Steel (BE50) Rods (4x4) should be used to anchor the base to the floor. These Rods should be 12mm diameter.• They should be anchored into holes drilled to a depth of 8cm and with a diameter of 16mm. The anchoring must be done using HILTI Chemical Paste HIT-HY 150.• A Steel Grid (BE50 - 150mm x 150mm x 8mm x 8mm) must be constructed to lie on top of the Steel Rods.• The existing floor surface must be roughened and wetted.• Concrete (Class C40/50) must be poured into the construction, which must meet a crush resistance of 35N/mm2 after 7 days.20.12 Base Construction Certificate - Building ContractorThe Building Contractor should provide a Certificate stating that the Base has been constructedand anchored in accordance with these requirements. A copy of this Certificate should be passedto the ATM deployer for audit purposes.20.13 Anchoring Method - Installation ContractorThe installation contractor should anchor the ATM in accordance with the relevant CEN (or other)standard relating to the grade of safe used.20.14 Anchoring Certificate - Installation ContractorThe Installation Contractor should complete a Certificate stating that the anchoring has been donein accordance with these requirements. All exact measurements relating to the anchoring should berecorded. A copy of this Certificate should be passed to the ATM deployer for audit purposes.20.15 Anchoring Plinth to Base over a CellarThis assumes that the ATM will be anchored over a cellar/basement/garage to which the publicmay or may not access, and for which entry/egress control may or may not be under the directcontrol of the Bank, or other TTW ATM deployer. After the Site Validation visit, the ATM DeployerSecurity Representative should approve the proposed anchoring plan.20.16 Anchoring Method - Installation ContractorThe installation contractor should anchor the ATM in accordance with the relevant CEN (or other)standard relating to the grade of safe used.20.17 Anchoring Certificate - Installation ContractorThe Installation Contractor should complete a Certificate stating that the anchoring has been donein accordance with these recommendations. All exact measurements relating to the anchoringshould be recorded. A copy of this Certificate should be passed to the ATM Deployer for auditpurposes.20.18 Installation in Solid WallIf accessible from an area with vehicular access, the ATM should always be installed behind a solidbrick or concrete wall. If one does not exist, it should be constructed. If this is not possible, theoptions laid down under “Steel Section Wall” and “Steel Girders (HEB-100 Sections) below shouldbe followed, and should be approved by the ATM Deployer – Security Department.20.19 Wall Construction - Building ContractorThe Building Contractor should construct a wall that must be at least 14cm thick and with a mass of1,900 kg/m3. Any deviations from the above should be cleared with the ATM Deployer beforeinstallation takes place, and should be shown in the Construction Certificate.20.20 Construction Certificate - Building ContractorThe Building Contractor should provide a Certificate stating that the wall does comply with therequired standard and stating the exact composition and depth of the Wall. A copy of this Certificateshould be passed to the ATM Deployer for audit purposes.
920.21 Installation in Steel Section WallIn the event that it is not possible to install the ATM behind a brick or concrete wall, then the nextpreferred method is to install it behind a solid steel section.20.22 Steel Section Anchoring to Floor - Building ContractorThe Building Contractor should anchor the steel section to the floor as follows:• Use a minimum 4 x M10 Chemical Bolts HVY (Hilti)• Anchoring only to be done in concrete - minimum depth 9 cm.• Hilti anchoring requirements should be mandatory• Non-destructive quality control of the anchoring should be made (resistance up to 25-35Nm)20.23 Steel Section Anchoring to Ceiling/Walls – Building ContractorThe Building Contractor should anchor the steel section to the ceiling/walls as follows: 20.24 TO CONCRETE CEILING • Minimum 4 x M10 chemical bolts HVY (Hilti) • Anchoring only to be done in concrete - minimum depth 9cm. • Hilti anchoring requirements are mandatory • Non-destructive quality control of anchoring to be made (resistance up to 25-35Nm) 20.25 TO BEAMS • The anchoring must be done directly into the Beam • If required a ‘bridge’ can be made using a Profile 60mm x 60mm x 4mm, to be anchored with 4 x M10 bolts. 20.26 TO WALLS • Anchoring must only be done in the mortar between the bricks with chemical bolts M10 HVU HAS (Hilti) • There must be 2 x M10 Bolts every 50cm with a minimum depth of 9cm. In the corners, top and bottom, a 15cm x 15cm steel plate must be used. • In cement blocks 1 x M10 bolt with injection of HIT+HY20 must be used, with the anchoring at least 15cm from the edge of the block.20.27 Construction Certificate - Building ContractorThe building contractor should complete a Certificate stating that the construction and anchoringhas been done in accordance with these requirements. All exact measurements relating to theconstruction and anchoring should be recorded. A copy of this Certificate should be passed to theATM Deployer for audit purposes.20.28 Steel Girders (HEB-100 Sections)In the event that it is not possible to install the ATM behind a brick or concrete wall, or a steelsection, then the next preferred method is to install it behind steel girders.20.29 HEB-100 Section Construction - Building ContractorThe Building Contractor should ensure that HEB-100 sections (or equivalent) are used for theframe as follows:• The HEB-100 sections should be installed on both sides of the ATM• The distance between the base sections must not exceed 1.25 Metres (and must be as small as possible)• If telescopic hollow sections are used, both sections must overlap for at least 50cm.• 2 x Cross sections (hollow section casing profiles 80mm x 60mm x 6mm) must be attached to the H-Sections, above and below the outer edge (or ‘nose’) of the ATM.• Each Cross section must be a hollow section of 80mm x 60mm x 6mm.20.30 HEB-100 Section Anchoring To Floor – Building ContractorThe Building Contractor should anchor the HEB-100 section to the floor as follows:• Use a minimum 2 x M10 Chemical Bolts HVY (Hilti)• Anchoring only to be done in concrete - minimum depth 9 cm.• Hilti anchoring requirements should be mandatory• Non-destructive quality control of the anchoring should be made (resistance up to 25-35Nm)
1020.31 HEB-100 Section Anchoring to Ceiling – Building ContractorThe Building Contractor should anchor the steel section to the ceiling as follows: 20.32 TO CONCRETE CEILING • Minimum 4 x M10 chemical bolts HVY (Hilti) • Anchoring only to be done in concrete - minimum depth 9cm. • Hilti anchoring requirements are mandatory • Non-destructive quality control of anchoring to be made (resistance up to 25-35Nm) 20.33 TO BEAMS • The anchoring must be done directly into the Beam • If required a ‘bridge’ can be made using a profile 60mm x 60mm x 4mm, to be anchored with 4 x M10 bolts20.34 Construction Certificate - Building ContractorThe building contractor should complete a Certificate stating that the anchoring has been done inaccordance with these recommendations. All exact measurements relating to the anchoring shouldbe recorded. A copy of this Certificate should be passed to the ATM Deployer for audit purposes.20.35 Anchoring Certificate - Installation ContractorThe Installation Contractor should complete a Certificate stating how the anchoring has been done.All exact measurements relating to the anchoring should be recorded. A copy of this Certificateshould be passed to the ATM Deployer for audit purposes.
1121.00 Definition of Stand Alone ATMStand Alone ATMs are ‘free-standing’, distinct from the more traditional Thru-the-Wall ATMs. Stand AloneATMs are not installed in the wall of a building, for example, at a bank branch. Typically, they are situated inconvenience stores, petrol stations, supermarkets, shopping malls, etc.The security guidelines distinguish, where necessary, between:• ATMs regularly filled with cash by the premises owner (the ‘Merchant Fill’ cash replenishment model)• ATMs filled with cash by the ATM supplier, who uses a Cash In Transit (CIT) provider to replenish the ATM (the ‘CIT Fill’ cash replenishment model)21.01 Scope of Security Requirements for Stand Alone ATMs21.02 On-site monitoring of the ATM by site personnelATM deployers should ensure that site owners/managers, or other on-site personnel, check the ATMregularly to ensure there are no alien or parasite attachments, such as skimming (or card copying) devices,that do not belong to the original device. ATM deployers should ensure that training and education is carriedout to enable this on-site monitoring to be effective. In the event that an alien or parasite attachment isdiscovered, there should be a clear procedure laid down as to what follow up action should be taken (i.e.inform the Police).21.03 LocationThe ATM should be sited within the premises well away from perimeter glazing, particularly shop fronts,preferably directly against a strongly built internal or perimeter wall, which does not have vehicular access toits external face, and positioned to avoid a direct and unimpeded line of access from a door or other accesspoint.To reduce the risk of vandalism to the ATM and to increase user safety, the ATM should be positioned in ahighly visible and well-lit area that allows maximum surveillance by counter staff and other customers.21.04 Security MeasuresOnce the ATM has been securely positioned on the premises and correctly anchored, it is important todecide on which additional security measures listed below will be required to counter the risks highlighted inthe assessment. It is essential to implement the appropriate level of security as determined by the riskassessment.21.05 Cash Removal and Replenishment for Merchant Fill ATMs• Fill the ATM with cash sufficient for one day/session trading only• Remove cash from the ATM at the end of trading to a safe of adequate security quality sited within the premises. This should be done with the premises locked and customers excluded• Leave the door open to the ATM, and security container (safe) within, when the premises are non- operational. Merchant-fill ATMs require line of sight from the outside of the premises in order for the would-be offender to see clearly that the ATM has been de-cashed outside of business hours• Replace cash into the ATM with the premises locked and customers excluded prior to opening for the next period of trading• Place notices prominently around the perimeter of the premises and on the ATM stating that the ATM holds no cash when the premises are non-operational21.06 Cash Removal and Replenishment for CIT Fill ATMs• It is good practice that the premises should be locked and customers excluded during replenishment; or, alternatively, it is recommended that a full enclosure security kiosk/area should be provided for CIT staff during removal/replacement of cash• Cash removal/replenishment should take place in accordance with the CIT Company’s procedures, a copy of which should be provided upon request.• This is of particular importance dependent upon liability for the cash inside the ATM and a clear liability statement is required.21.07 Maintenance of ATMsWhen an ATM is being serviced, if access to the safe is required, it is good practice to remove the cashduring the service, locking the premises and excluding customers while the cash is being removed and whileit is being replaced into the ATM, unless a security area or surround secure kiosk is provided.Whilst the service is being undertaken, the cash should be temporarily transferred to a locked safe ofadequate security quality for the risk involved
1221.08 Key security for CIT Fill ATMsFor CIT Fill ATMs, signs should be prominently displayed on the ATM and within the premises indicating thatthere are no keys available on the premises to allow access to the contents of the ATM. It is likely that theCIT carrier will provide their own PIN operated lock with rolling code encryption, rather than relying onphysical keys.22.00 Recommended Additional Security Measures for Higher Risk Deployments22.01 External MeasuresExternal approaches to the area of the premises where the ATM is sited should be protected by theinstallation of anti-ram bollards, vehicle-arresting systems, high rise kerbs, raised planters, reinforced lampposts or similar street furniture, usually subject to local authority approval.Where perimeter glazing extends down to the floor of the premises this should be protected by visuallypermeable metal roller shutters, security grilles or retractable anti-ram bollards configured to keep vehiclesaway from the vulnerable perimeter elements of the premises outside the premises operational hours, forexample, when the removal of the ATM from the premises is considered a risk, or when the area is morerisky from a crime history point of view.Where perimeter glazing cannot be protected in this way – e.g. premium retail unit or planning approval isnot received – the use of enhanced anchoring systems to prevent uplift and removal should be considered.22.02 Enhanced AnchoringInstead of the anchoring system recommended in Generic Considerations the ATM should be anchored byan enhanced anchoring system specifically designed to provide superior fixing for ATMs.22.03 Anti Ram ProtectionCan be fitted where ram raid attack to remove the ATM, is considered a risk. This protection might take theform of a purpose designed anti-theft plinth, chain anchoring systems or other enhanced anchoring / fixing.Where such devices are deployed these should be attached to the main body of the ATM safe itself and notto the exterior facings.22.04 Tracking SystemThe ATM may be fitted with a tracking system to enable its position to be determined in the event of theft ofthe ATM from the premises22.05 Banknote Degradation SystemA banknote degradation system may be installed, which dyes/stains/degrades notes when activated in orderto render them unattractive to thieves. These systems are fitted to each ATM cassette, to provide adeterrent to theft of, or from, the ATM. The banknote degradation system should be designed to activateimmediately the ATM is moved or attacked by any means. If required the system may incorporate a uniquechemical identifying system, although such identification systems should not be used in isolation. Where abanknote degradation system is utilised notices to this effect should be displayed prominently around theperimeter of the premises and on the ATM itselfAn independent test house should check any banknote degradation system used, and should certify that itdoes operate according to the manufacturer’s claims. Such a system should meet any national standardsrelating to usage of ink/dye systems. Each national Central Bank should also test the system on realbanknotes and should verify that the ink is safe, and that the required percentage of notes, are stained onthe required percentage of the printed area. Some banknote degradation systems can link with CIT toprovide end-to-end security between the ATM and the cash centre.22.06 Smoke Generating SystemAs an alternative to a banknote degradation system, a smoke generating system may be installed to protectthe internal area of the premises where the ATM is installed to provide a deterrent to theft of, or from, theATM. Such systems should be designed to activate immediately the ATM is moved or attacked by anymeans. The means of activation must be provided only when the area of the premises in which the ATM issited is non-operational. Such systems must not negate any procedures associated with fire and emergency,particularly in means of escape in the case of an actual fire. It is recommended that advice be taken from thelocal fire safety officer before installation. Where such system is utilised, notices to this effect should bedisplayed prominently around the perimeter of the premises and on the ATM itself
1322.07 Unique Chemical TaggantA Unique Chemical Taggant system may be installed. The system is a water based spray containing aunique chemical identifying agent which stays on skin, clothing or materials and can be used by police toassociate a person with a crime if they are in custody. Such identification systems should not be used inisolation. Where a system is utilised notices to this effect should be displayed prominently around theperimeter of the premises and on the ATM itself.These systems can be fitted to the premises or to each ATM cassette, to provide a deterrent to theft of, orfrom, the ATM. The system should be designed to activate immediately the ATM is moved or attacked byany means or can be activated by personal attack alarm activation to guard against replenishment attack.22.08 Cassette InterlockingPhysical interlocking of cassettes within the ATM safe to prevent removal of more than one cassette at anygiven time and usually incorporating a time delay between each cassette removal. This is designed to deterreplenishment attack and, in the event of such incident, reduce potential loss exposure to the contents ofone cassette.
1423.00 Definition of TTW ATMA TTW ATM does not stand on its own but is installed within the wall or perimeter glazing of a building(interior or exterior) to which it is affixed to allow customers to conduct transactions at the ATM outside of, oreven away from, a bank branch. Many of these machines are ‘bunkered’, meaning they are contained withina wall that is part of a lockable room, providing access to the rear of the ATM during cash replenishment,although some are serviced in public areas.This type of machine contrasts with free standing ATMs, which are not fixed within the perimeter wall orglazing of a building. The ATM is affixed to the floor at its location. Free standing ATMs are also known as‘lobby’ or ‘pedestal’ ATMs.For the purposes of cash replenishment, the assumption is made that cash replenishment will be conductedby Bank Branch staff, not by an external service supplier. For TTW ATMs installed at other types of locations(hypermarkets, petrol stations etc) and requiring cash replenishment by a commercial security organisation,please refer to Stand Alone ATM’s section of this document.
1524.00 Definition of Street-Based ATMsStreet-based ATMs are typically in public telephone kiosks and columns/pods situated on public footways.Unless otherwise stated the advice contained in this document relates to both ATMs in telephone kiosks andin columns/pods.With the advent of the mobile telephone in recent years the use of public telephone kiosks has significantlyreduced. In order to optimise the efficient use of these existing structures a number of ATM deployers havedeveloped an innovative business model to utilise telephone kiosks as ATMs. Telephone kiosks offer acombination of three features that make them ideally suited for conversion to ATMs - publicly convenientlocations, electricity and communications.24.01 Columns/PodsThese are stand-alone structures of varying shapes and dimensions that house an ATM and in somelocations Web/Internet connection facilities. These structures have typically been situated in car parks andother open locations to which the public have access and, more recently, on public footways.24.02 Location/Position of Street-based ATMThe street-based ATM should be positioned in a highly visible, well-lit area that provides maximum casualsurveillance by the general public and allows the replenisher or service engineer rapidly to survey theimmediate area.In the case of columns/pods, the ATM should be positioned to take advantage of any existing street furnituresuch as railings, high-rise kerbing, raised planters, lamp posts, etc., which may offer a deterrent against ram-raid type attacks.The ATM should be located in an area served by wide footpaths or thoroughfares that do not unavoidablyfunnel pedestrians into close proximity with ATM users.Ideally, the ATM should be located away from bus stops, pedestrian crossings, or other features where thepublic may have a legitimate reason to gather or loiter.Ideally, the ATM should be located as far as possible from doorways, recesses, passageways, secondaryroadways, shrubberies, hoardings or other features that may conceal a potential threat such as hidden long-range surveillance equipment or a criminal hiding from view.The ATM should be positioned to prevent physical observation of PIN entry from adjoining telephone kiosksor payphones. Telephone leads in adjacent telephone kiosks or payphones should be shortened to preventobservation of PIN entry from these. Where necessary, the door hinges of adjacent telephone kiosks shouldbe reversed in order that payphone customers exit away from the ATM user.The ATM should be positioned to allow the replenisher’s vehicle to park in the immediate vicinity and avoidan unnecessarily long distance to walk between the vehicle and the ATM, in addition to allowing constantline of sight between the replenisher’s vehicle and the ATM.In consultation with the replenishing company, the deployer or agent should liaise with the appropriateauthority to request that a parking area adjacent to the ATM be restricted for use by the replenishingcompany.24.03 Sounders and Flashing Warning LightsThe street-based ATM should be installed with an audible alarm sounder and/or visual flashing warning lightto indicate when the ATM is under attack and attract the attention of the public and assist police inpositioning the exact location of the ATM.The sounder and/or warning light should be automatically disarmed during replenishment and servicing andautomatically re-armed when replenishment / servicing is complete24.04 AnchoringThe street-based ATM should be securely fixed to a specifically designed anchoring system or concretebase through its security container by a minimum of four high tensile M16 bolts with appropriate washers of6mm minimum thickness. When fixing into a concrete base it is recommended that these bolts should be toa minimum depth of 150mm and that either resin anchor bolts or expanding anchor bolts are used toadequately anchor into the concrete.
16In addition to the anchoring system recommended above, the ATM should be secured with a restrainingchain that is bolted to the anchoring system using a high tensile anchor fixing, connected through the rear ofthe ATM and attached to the security container using a high tensile bolt with double nut and washer.24.05 BollardsIn addition to the anchoring system recommended above, approaches to the ATM should be protected bythe installation of anti-ram raid bollards, vehicle arresting systems, high-rise kerbing, raised planters,reinforced lamp posts or similar street furniture. These will usually be subject to local authority planningauthority.24.06 Armoured Anti-Bandit ShroudAs an alternative to a banknote degradation system, the ATM should be fitted with an armoured anti-banditshroud to provide a deterrent to theft and to enhance the safety of operatives during replenishment orservicing.24.07 Servicing of ATMsIn the event of an ATM needing servicing in the absence of an armoured anti-bandit shroud and subject tothe second paragraph of this item, the use of cash in transit services should be employed to secure the ATMcassettes when a service engineer needs access to the ATM security container.24.08 Defensible SpaceDefensible space ground markings should be employed at the front of the ATM, to indicate only one ATMuser at a time may enter the space. These will usually be subject to local authority planning authority.
1725.00 Recommended Lock TypesFor general guidance purposes, the following lock types are recommended for all installed ATMs: Primary Safe Locking The following locks are recommended: • A UL 437/Type 2, CEN Class B changeable key lock • A 3 wheel UL Group 2M/ CEN Class B Mechanical Combination Lock • A UL Type 1/ CEN Class B, 1 Time Code Electronic Combination Lock: in the event that this type of lock be used it is highly recommended that the following features should be taken into consideration: 1. Lock should support encryption technology for the codes 2. Unused lock codes should expire automatically 3. Seal code should start a security protection procedure in the event that the previous ATM closing has not been correctly effected 4. Lock should be able to provide Shared access between the Bank and the CIT company autonomously and simultaneously 5. That the owner of the lock can at any time be able cancel access to the ATM lock park without having to organise on site vendor meets • A UL Type 1/ CEN Class B Electronic Combination Lock If applicable, the electronic locks should be compatible with the monitoring/control system used by the Bank/ATM deployer. Secondary Safe Where a mechanical 3-wheel combination lock is already in use, for the purposes Locking (For dual of dual control an additional changeable key lock may be installed as a secondary control if required) lock to the primary. (A key locking dial may not be acceptable, dependent upon the agreed insured value for loss). Many modern electronic combination locks have a dual control function that allows dual control without the necessity to fit a second lock. One Time An approved third party is a commercial organisation authorised to carry cash in Combination Locks transit, to conduct cash replenishments and/or to conduct first & second line (For Use With maintenance of the ATM. Approved Third When such parties are used, it is recommended that one-time combination locks, Parties if required) with clearly identifiable audit trails, be used. Such locks may be used as the Primary Safe lock. Time Delay/Time When required a programmable time delay lock may be fitted, allowing a pre-set Locks delay whenever the lock is opened., this is usually 1-99 minutes in 1 minute increments Such a Lock, which may also be used as the Primary Safe Lock, may also be programmed as a Time Lock, whenever the Bank Branch/ATM Site is closed, and between replenishments. Time Delay Override In the event that a Multiple/Dual User Electronic Lock is fitted, it should be able to (TDO) be programmed with a Time Delay Override Code (TDO) that can be used by the CIT or ISO to allow the user to by pass the time delay for obvious reasons. The TDO should be able to be programmed to either allow direct after hours entry or Dual entry (second code needing to be entered within 60 seconds of the first) Duress Alarm (Hold The electronic lock should also be able to generate a “Duress” alarm. It is Up alarm) advisable that this code be easy to remember and use and not require any additional keystroke to activate. The best is 1 code up 1 code down activation; meaning if the code was 123456# the user would substitute the last digit by either a number above or below that of the last digit. BPI (Bolt Position Electronic locks should also be able to provide a dry signal indicating if the bolt is Indicator) in the Retracted position (open) or the Extended (Closed) position. This signal can be used to monitor the condition of the lock remotely, prevent a cascade (multiple door openings at the same time) attack on a group of ATMs or freeze the entry to the ATM room in the event that an ATM door is in the open condition. Alternatively there are many safe alarm systems in operation that monitor bolt position by other add-on means and these are acceptable and even compulsory alternatives in some countries.
1825.00 Emergency EgressCertain locations may require that the deployer provides an emergency escape facility that will in effectoverride the outer door locks.This is to combat the issues the CViT industry have had where robbers have taken the ATM door keys &have locked the crew inside. This is of particular concern to the Health & Safety departments of the carriersas the crews could be requiring urgent medical treatment, but the emergency services will be unable to gainaccess for some considerable time whilst locksmiths are being sought or spare keys being rushed to thescene. In the event of a serious incident, that time could mean the difference between life & death.Where such facility is provided, the panic release should meet BS EN 1125:1997 Building Hardware. Thumbturns & bar release / BS EN 179:1998 (Emergency) releases test standard.Many lock manufacturers meet this standard by having a thumb turn override to the secure side of the lock.